FMC SSL Policy Block EC Curve

Hi All,

I have SSL Policy enabled on some ACs. Everything was working fine for a while until today, when I upgraded FMC and Firepower to 6.2.3.13 from 6.2.3.7. Our workers started complaining about not being able to connect to webmail. I checked connection events and saw that connections are blocked because of the SSL Policy with reason EC Curve not supported. I tried a couple of workarounds from bugs and forums but with no result.

First of all, I wonder why it stopped working after upgrading the patch. Moreover, I want to know why the connection contains EC curves. My certificate is RSA based.


Re: FMC SSL Policy Block EC Curve

Go straight to TAC with this issue.

You may be hitting this behavior:

https://www.cisco.com/c/en/us/td/docs/security/firepower/command_ref/b_Command_Reference_for_Firepower_Threat_Defense/s_8.html#wp1497969539

The fix is easy but should only be done after TAC confirms and recommends it.

Re: FMC SSL Policy Block EC Curve

Hi Marvin,

I have already tried to tweak clien_hello.cnf on Firepower by following the related bugs, but with no result.